From 19a66dbf4f929c0d9aa89af5b2282470cfb5726b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 9 Sep 2006 20:34:15 +1000 Subject: - (dtucker) [contrib/aix/buildbff.sh] Always create privsep user. --- ChangeLog | 3 ++- contrib/aix/buildbff.sh | 44 ++++++++++++++++++++------------------------ 2 files changed, 22 insertions(+), 25 deletions(-) diff --git a/ChangeLog b/ChangeLog index ead33c85b..5791ec255 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ 20060909 - (dtucker) [openbsd-compat/bsd-snprintf.c] Add stdarg.h. + - (dtucker) [contrib/aix/buildbff.sh] Always create privsep user. 20060908 - (dtucker) [auth-sia.c] Add includes required for build on Tru64. Patch @@ -5418,4 +5419,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4538 2006/09/09 05:59:43 dtucker Exp $ +$Id: ChangeLog,v 1.4539 2006/09/09 10:34:15 dtucker Exp $ diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh index 09b9c118c..03f0d6048 100755 --- a/contrib/aix/buildbff.sh +++ b/contrib/aix/buildbff.sh @@ -1,7 +1,7 @@ #!/bin/sh # # buildbff.sh: Create AIX SMIT-installable OpenSSH packages -# $Id: buildbff.sh,v 1.8 2005/03/29 13:24:12 dtucker Exp $ +# $Id: buildbff.sh,v 1.9 2006/09/09 10:34:15 dtucker Exp $ # # Author: Darren Tucker (dtucker at zip dot com dot au) # This file is placed in the public domain and comes with absolutely @@ -200,33 +200,29 @@ do done echo -# Create PrivSep user if PrivSep not disabled in config -echo Creating PrivSep prereqs if required. -if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null +# Create PrivilegeSeparation user and group if not present +echo Checking for PrivilegeSeparation user and group. +if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null then - echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user," - echo "group or chroot directory." + echo "PrivSep group $SSH_PRIVSEP_USER already exists." else - echo "UsePrivilegeSeparation enabled in config (or defaulting to on)." - - # create group if required - if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null - then - echo "PrivSep group $SSH_PRIVSEP_USER already exists." - else - echo "Creating PrivSep group $SSH_PRIVSEP_USER." - mkgroup -A $SSH_PRIVSEP_USER - fi + echo "Creating PrivSep group $SSH_PRIVSEP_USER." + mkgroup -A $SSH_PRIVSEP_USER +fi - # Create user if required - if lsuser "$SSH_PRIVSEP_USER" >/dev/null - then - echo "PrivSep user $SSH_PRIVSEP_USER already exists." - else - echo "Creating PrivSep user $SSH_PRIVSEP_USER." - mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER - fi +# Create user if required +if lsuser "$SSH_PRIVSEP_USER" >/dev/null +then + echo "PrivSep user $SSH_PRIVSEP_USER already exists." +else + echo "Creating PrivSep user $SSH_PRIVSEP_USER." + mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER +fi +if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null +then + echo UsePrivilegeSeparation not enabled, privsep directory not required. +else # create chroot directory if required if [ -d $PRIVSEP_PATH ] then -- cgit v1.2.3